commit | 5516c8c0740a3530461c095f73bfd51d4970c4f8 | |
---|---|---|
author | Quan Nguyen <quannguyen@google.com> | Thu Mar 09 01:16:38 2017 +0000 |
committer | Thai Duong <thaidn@google.com> | Wed Mar 22 17:14:26 2017 -0700 |
tree | f9b73113181dc61a536fe2c5d35e50d7e6531ed0 | |
parent | d5a2a934cf811c2870d319d80a35cc0bcd2a05f4 | |

Merge "PublicKeyVerify's verify() will return void, instead of boolean."

ORIGINAL_AUTHOR=Quan Nguyen <quannguyen@google.com>
GitOrigin-RevId: 26d74f3acb9d38a1ca95c1515661da542c73698d

An open-source SDK that provides cloud customers with the cryptographic functionality needed to extend the key management offering of Cloud KMS.
In particular, Cloud KMS needs support for “Envelope Encryption”, i.e., client-side encryption of data with user-generated keys that are protected by KMS encryption: the cloud user generates a data encryption key (DEK) locally, encrypts the data with the DEK, sends the DEK to Storky to be encrypted (with a key managed by Storky), and stores the encrypted DEK with the encrypted data; at a later point the user can retrieve the encrypted data and DEK, use Storky to decrypt the DEK, and use the decrypted DEK to decrypt the data. The guiding principles for the design of the SDK are security, simplicity, and resistance to user errors.
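
The envelope-encryption flow described above, as an added example that is not code from this repository. `LocalKms` is a hypothetical in-process stand-in for the remote KMS call, and AES-256-GCM from Node's built-in `crypto` module, the function names and the stored layout are assumptions made for the illustration.

```javascript
const nodeCrypto = require("crypto");

const NONCE = 12, TAG = 16, KEY = 32;
const WRAPPED_LEN = NONCE + TAG + KEY; // size of an encrypted 32-byte DEK

// AES-256-GCM; output layout is nonce || tag || ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(NONCE); // fresh nonce for every call
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, c.getAuthTag(), body]);
}

// Inverse of seal; final() throws if the key is wrong or any byte was modified.
function open(key, blob) {
  if (blob.length < NONCE + TAG) throw new Error("ciphertext too short");
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, NONCE));
  d.setAuthTag(blob.subarray(NONCE, NONCE + TAG));
  return Buffer.concat([d.update(blob.subarray(NONCE + TAG)), d.final()]);
}

// Hypothetical stand-in for the KMS: the key that protects DEKs never leaves it.
class LocalKms {
  #kek = nodeCrypto.randomBytes(KEY);
  encrypt(dek) { return seal(this.#kek, dek); }
  decrypt(wrapped) { return open(this.#kek, wrapped); }
}

// Returns encrypted DEK || encrypted data, the form that gets stored.
function envelopeEncrypt(kms, data) {
  const dek = nodeCrypto.randomBytes(KEY); // DEK generated locally
  try {
    return Buffer.concat([kms.encrypt(dek), seal(dek, data)]);
  } finally {
    dek.fill(0); // do not keep the plaintext DEK in memory
  }
}

// Splits the stored blob, has the KMS decrypt the DEK, then decrypts the data.
function envelopeDecrypt(kms, stored) {
  if (stored.length < WRAPPED_LEN + NONCE + TAG) throw new Error("stored blob too short");
  const dek = kms.decrypt(stored.subarray(0, WRAPPED_LEN));
  try {
    return open(dek, stored.subarray(WRAPPED_LEN));
  } finally {
    dek.fill(0);
  }
}
```

Only the encrypted DEK is stored next to the data, so a copy of the stored blob is unreadable without a decrypt call to the same KMS.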